$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/hDX4u7pdx7Zf5kqxUv0PItrx1f4.roa File: hDX4u7pdx7Zf5kqxUv0PItrx1f4.roa (raw, json) Hash identifier: grzzaZRI5mpPViDtJPvajB5QsdXQjicqtx/xXdx9O+4= Subject key identifier: 84:35:F8:BB:BA:5D:C7:B6:5F:E6:4A:B1:52:FD:0F:22:DA:F1:D5:FE Certificate issuer: /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267 Certificate serial: 2028 Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/hDX4u7pdx7Zf5kqxUv0PItrx1f4.roa Signing time: Fri 17 Jan 2025 01:24:10 +0000 ROA not before: Fri 17 Jan 2025 01:24:10 +0000 ROA not after: Sat 27 Sep 2025 02:40:14 +0000 asID: 61317 IP address blocks: 223.29.252.0/22 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 04 Apr 2025 22:07:22 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8232 (0x2028) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267 Validity Not Before: Jan 17 01:24:10 2025 GMT Not After : Sep 27 02:40:14 2025 GMT Subject: CN=8435F8BBBA5DC7B65FE64AB152FD0F22DAF1D5FE Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d0:aa:83:18:13:6b:71:50:26:53:46:9b:90:41: 16:53:c8:25:44:2c:d5:07:6d:94:02:b0:9b:72:be: 7c:d8:8f:d5:b9:2f:61:63:b8:60:a8:1f:9a:a6:36: 74:b7:5f:42:49:b3:9e:3c:27:47:d7:0e:23:6d:85: 81:bc:5a:a7:5e:97:22:e0:fa:4f:7b:da:26:8d:4d: a2:2f:f0:4a:e9:a5:c3:62:74:78:d5:1f:91:cf:09: d2:dd:61:69:9a:e8:90:56:00:6b:42:d1:fd:12:4b: a6:d3:b3:f6:22:5f:a6:85:ce:54:e7:d5:34:cf:5e: a6:9b:9a:9b:01:62:90:fb:2e:13:9e:61:a9:38:85: 93:52:1f:d2:8d:fb:b4:7e:55:94:52:20:2d:91:ea: c7:62:86:00:21:e9:6f:81:ef:bc:74:60:dd:96:1d: 81:2c:3d:69:f6:ce:39:85:b9:e9:bc:d8:be:c3:5c: 4c:d7:5e:76:09:e0:9a:99:77:53:b0:47:fe:4d:8f: d7:c9:1e:82:29:79:7f:6f:3b:ca:bd:71:c8:c3:36: 21:a8:c5:d2:85:0a:fb:3b:0d:70:a8:cc:9f:94:e8: 65:fb:a1:30:16:c7:92:3f:41:da:26:cc:5f:24:34: af:25:f5:8c:89:c6:67:d2:59:1d:dd:c0:00:58:e8: 7f:c1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 84:35:F8:BB:BA:5D:C7:B6:5F:E6:4A:B1:52:FD:0F:22:DA:F1:D5:FE X509v3 Authority Key Identifier: keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/hDX4u7pdx7Zf5kqxUv0PItrx1f4.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 223.29.252.0/22 Signature Algorithm: sha256WithRSAEncryption d0:3b:00:7c:63:1e:f6:dc:58:48:c6:b1:45:36:bb:eb:75:dd: 68:b3:72:0f:af:bc:fb:d2:83:b2:cc:09:9c:fe:4f:f8:d8:90: 63:e3:aa:70:ef:f1:38:8b:aa:57:8c:47:51:c4:f8:56:f4:a5: f2:2f:f7:3a:e1:e1:f2:96:5f:89:e7:14:5f:fe:94:fd:48:13: 19:7c:9d:6e:de:0a:df:90:a7:e7:30:a7:84:9d:4e:b3:a1:6b: 04:74:0a:af:81:34:52:d0:f4:57:af:b0:e3:2d:62:e4:d6:e3: 7d:d8:59:48:36:36:11:e6:a0:f7:45:68:4c:75:93:0e:8b:2b: 4b:69:14:0c:fe:4e:f3:a7:84:06:5f:4e:ea:a3:00:36:6d:a0: f4:72:e6:40:39:ec:6e:10:ad:47:36:28:7f:48:a6:a6:52:d6: a3:ed:67:e8:78:50:6f:fa:46:73:f8:ce:b3:6f:3c:39:29:9a: 9f:f2:e9:ed:28:eb:b8:3a:dd:7a:31:25:96:50:9a:a9:fa:71: 84:ad:be:85:83:1d:bf:d5:ef:d7:e4:68:21:f5:bb:cc:39:53: fb:f8:d2:98:35:f4:86:7a:a5:c0:22:ea:94:32:57:6d:1a:8f: 51:fa:99:50:55:58:12:38:f0:3f:31:ec:fd:6c:ea:03:61:d9: 14:5e:70:54 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICICgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTAxMTcw MTI0MTBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDg0MzVGOEJCQkE1REM3 QjY1RkU2NEFCMTUyRkQwRjIyREFGMUQ1RkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDQqoMYE2txUCZTRpuQQRZTyCVELNUHbZQCsJtyvnzYj9W5L2Fj uGCoH5qmNnS3X0JJs548J0fXDiNthYG8WqdelyLg+k972iaNTaIv8ErppcNidHjV H5HPCdLdYWma6JBWAGtC0f0SS6bTs/YiX6aFzlTn1TTPXqabmpsBYpD7LhOeYak4 hZNSH9KN+7R+VZRSIC2R6sdihgAh6W+B77x0YN2WHYEsPWn2zjmFuem82L7DXEzX XnYJ4JqZd1OwR/5Nj9fJHoIpeX9vO8q9ccjDNiGoxdKFCvs7DXCozJ+U6GX7oTAW x5I/QdomzF8kNK8l9YyJxmfSWR3dwABY6H/BAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUhDX4u7pdx7Zf5kqxUv0PItrx1f4wHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvaERYNHU3cGR4N1pm NWtxeFV2MFBJdHJ4MWY0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAt8d/DANBgkqhkiG9w0BAQsFAAOCAQEA0DsAfGMe9txYSMaxRTa763XdaLNy D6+8+9KDsswJnP5P+NiQY+OqcO/xOIuqV4xHUcT4VvSl8i/3OuHh8pZfiecUX/6U /UgTGXydbt4K35Cn5zCnhJ1Os6FrBHQKr4E0UtD0V6+w4y1i5NbjfdhZSDY2Eeag 90VoTHWTDosrS2kUDP5O86eEBl9O6qMANm2g9HLmQDnsbhCtRzYof0implLWo+1n 6HhQb/pGc/jOs288OSman/Lp7SjruDrdejElllCaqfpxhK2+hYMdv9Xv1+RoIfW7 zDlT+/jSmDX0hnqlwCLqlDJXbRqPUfqZUFVYEjjwPzHs/WzqA2HZFF5wVA== -----END CERTIFICATE-----Generated at Fri Apr 4 22:07:02 2025 by rpki-client